As developers, we seem to take a special delight in personalizing the virtual worlds in which we work – from color palettes to keyboards, fonts, macros, you name it. “Off-the-rack” is never good enough; we want Savile Row tailoring for our environments.

And a lot of the tools we use support and encourage that customization, giving us control over every little option.

But not every tool we use does so – read on to learn a very simple trick for taking control even when your tool doesn’t make that easy.

In my day job, one of my main focuses is software reliability and correctness, so it makes sense that I would be a big fan of static analysis.

I’ve written previously about the static analysis provided by clang. Today, I want to take a bit of a “deep-dive” into the whole subject by putting both clang and cppcheck through their paces, using them to analyze a benchmark suite designed to exercise static analysis tools. In the course of doing that, I’ll also provide some helper scripts that make working with the tools easier.

I keep singing the praises of clang, and with good reason – the clang project has been advancing the state of C/C++ compiler technology on Linux and OS X for quite a while now.

The modular design of the compiler has also enabled the creation of a set of ancillary tools, including run-time “sanitizers” (which I wrote about earlier), as well as pretty-printers, and a tool to automatically upgrade code to C++11.

Today I want to talk about clang’s static analysis engine, which can do a deep-dive on your code and find problems that are hard for a human to detect but amenable to a brute-force approach that models the run-time behavior of a piece of code at compile time.

clang is a great compiler, with a boatload of extremely helpful tools, including static analysis, run-time memory and data race analysis, and many others. And it’s apparently pretty easy to get those benefits on one of the supported platforms – basically Ubuntu and Mac (via Xcode).

That’s fine, but if you get paid to write software, there’s a good chance it’s going to be deployed on Red Hat, or one of its variants. And getting clang working on Red Hat is a huge pain in the neck. The good news is that I did the dirty work for you (ouch!), so you don’t have to.

When I was a kid I went to Catholic school, and back in those days the nuns would indeed rap your knuckles with a ruler if you misbehaved. That doesn’t happen so much any more, but when I see someone making use of the copy-paste anti-pattern, I’m tempted to reach for a ruler myself. (I know, probably not a good career move ;-)

Short of rapping someone’s knuckles with a ruler, though, how do you show some poor sinner the error of his ways?

Well, I’m here to tell you that it’s possible to write whole Perl programs that actually accomplish useful work, without any regular expressions at all! And, if you do that, you can actually read the code!

It turns out that Perl is a dandy scripting language, and while some may take issue with its flexibility (“There’s more than one way to do it”), others (including me) find that flexibility very useful.